Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

January 2020

Change Is Inevitable: Tripwire File Analyzer

One of the only things that is constant in life is change. It’s the same with cybersecurity. There are different types of changes to consider. A lot of changes in our everyday life are out of our control. It can be hard to discover, monitor and even react to change. However, when it comes to change in the world of cybersecurity, it’s possible we can manage that change in a way that can have a positive impact on our business.

Endpoint security: The key to protecting your enterprise

To operate efficiently, businesses today use numerous devices such as laptops, desktop computers, and mobile devices. Securing all these devices—collectively called endpoints—significantly improves the overall security of your enterprise’s IT network. This blog can help you get started with endpoint security. To begin with, let’s define endpoint security.

Building a Circuit Breaker in Node.js (Part 1)

Circuit breakers were originally designed to protect electrical circuits from damage. Software development has adopted the concept as a resiliency pattern, and it is now common in cloud-native and microservices stacks. Circuit breakers are also valuable in any codebase that needs to degrade gracefully, especially when relying on third-party APIs. Welcome to Part 1 of this two-part series on building a circuit breaker in Node.js.

Consuming Webhooks with Node.js and Express

Have you ever been building an application and thought: "I can make requests to this service's API, but is there a way for them to let my app know when X happens?" You could try calling the API on a set interval, take the response, compare it to the last one, and go from there. This is polling, but it is inefficient and an easy way to hit rate limits. Instead, some APIs and services offer what's known as a webhook. Instead of you contacting them, they contact you.

Navigating ICS Security: Having your Action Plan Ready

Trust, respect, understanding. These are all two-way relationships that must be earned over time. Whilst someone being hired in a senior position will likely already have a certain level of each, part of your job is to continuously cultivate all three of these elements with colleagues no matter your grade. When working within a cybersecurity practice, it is critically important to have this level of understanding across large swaths of the workforce, from the senior level to operations teams.

What is Cybersecurity Performance Management?

Cybersecurity performance management is the process of evaluating your cybersecurity program's maturity based on top-level risks and the associated level of investment (people, processes and technology) needed to improve your security posture to meet regulatory requirements and business outcomes. Security metrics improve decision making by helping risk management and security teams take a risk-based, outcome-driven approach to assessing and managing their organization's cybersecurity capabilities.

New features in EventSentry v4.1

Brief overview of all new features in v4.1, including NetFlow malicious traffic detection, enhanced performance monitoring via command line output capture, Active Directory password reminder emails, BitLocker, Pending Reboot & battery detection, lots of visual & functional improvements to the web reports and more!

You've Bought Security Software. Now What?

Many years ago when I first started my career in network security as a support engineer, I received a phone call from a customer. (Let’s call him “Frank.”) He used our vulnerability scanner as a consultant for his own customers, and he was concerned that the scanner came back with 0 results. After reviewing his set-up, I easily discovered the answer.

PlanetDrugsDirect reveals security breach, warns customers their data may have been exposed

Canadian online pharmacy PlanetDrugsDirect.com has contacted customers warning them that their data might have been exposed in what they euphemistically describe as a “data security incident”. In an email seen by Bleeping Computer, the website warned that exposed personal data could include the following: The email is, unfortunately, somewhat lacking in detail – meaning that concerned customers may have to contact PlanetDrugsDirect via email or telephone to ask questions.

Working Remotely: Insights from the Bearer Team

Bearer's co-founders Guillaume and Cédric are big advocates for remote work. Both have written about the advantages and challenges in the past on the Bearer Blog, but today I want to share some thoughts from our team on what it's like working for a distributed, fully remote company. A few main trends came up. Some expected, and a few surprising.

Payments Business Article: Combatting fraud with centralized data

The Greek philosopher Aristotle once said, “The whole is greater than the sum of its parts.” When it comes to guaranteeing that every payment transaction completes as expected, this statement could not be more accurate. For retail banks, independent ATM deployers (IADs) and payment processors, transactions are the lifeblood of their businesses.

The top 4 reasons to start monitoring third-party APIs

How resilient is your application? Maybe you've set up a suite of logging tools, an APM, and tests to handle all your own code. What happens when a third-party API goes down? What happens when it stays up, but slows down to the point that your dependent services start to fail? Finding a modern application that doesn't rely on third-party APIs is rare, particularly with the abundance of social login and sharing.

Developing a Data Protection Compliance Program - Verizon's 9-5-4 Model

In a previous post, I wrote about my key take-aways from Verizon's 2019 Payment Security Report. While it's no surprise it was full of interesting and useful data (Verizon's yearly Data Breach Investigations Report (DBIR) has become required reading), I was delighted to find an excellent guide on the 9-5-4 model, a means by which an organization can measure and improve its data protection program. It also details ways in which a company can measure the maturity of the program.

Introducing the New MITRE ATT&CK Framework for Industrial Control Systems

On January 7th, MITRE released ATT&CK for Industrial Control Systems (ICS), a taxonomy of real-world adversary behavior observed against industrial control systems. These systems operate critical infrastructure in the manufacturing and utility sectors, and they are popular targets in both financially motivated and espionage-motivated attacks.

CISA on Iran's Cyber Threat: It's Time to Review Your Cyber Security Posture!

Following the recent U.S. operation in Iraq which resulted in the killing of Iranian General Qassem Soleimani, Iran warned that it will retaliate. Although the international community and both involved countries have taken steps to deescalate the crisis, it is always prudent to stay alert and continually update your cybersecurity programs regardless of whether the opponent is a state actor or just a common cybercriminal.

APMs and Their Impact on API Consumption

Application performance management (APM) software, sometimes known as application performance monitoring software, is a category of software as a service (SaaS) that provides a variety of ways to analyze and ensure availability within your application. These tools can give you metrics in areas such as render times, database load, and failed requests. Modern APM tools are mostly drop-in, all-in-one solutions: add a dependency and learn everything about why your app is slowing down or crashing.

Citrix NetScaler CVE-2019-19781: What You Need to Know

Just before the holidays, Citrix announced that their Citrix Application Delivery Controller (ADC) and Citrix Gateway are prone to a vulnerability which can allow remote unauthenticated attackers to execute code on vulnerable gateways. This led to a wave of alarming headlines about “80,000 firms” being exposed to hacking due to this flaw.

The Circuit Breaker Pattern

How does your application handle failure? Your first level of response might focus on logging and displaying errors, but that merely captures the problem rather than resolving it. What happens if a vital service is offline or under heavy load? What if it is simply not performing to the standard you expect? As your application relies more on services you don't control, like third-party APIs, handling these conditions when they arise becomes more important.
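The two circuit-breaker entries above ("Building a Circuit Breaker in Node.js" and "The Circuit Breaker Pattern") describe the pattern without showing the state machine, so here is an added example of one, written for this page and not taken from the Bearer series or any library. It wraps an async call to a constructed flaky upstream and moves through the three classic states: closed (calls pass through, failures are counted), open (calls are short-circuited without touching the upstream until a reset timeout elapses), and half-open (a single probe is allowed; success closes the circuit, failure re-opens it). The thresholds, the injected clock, and the `simulate` driver are assumptions made for the example.

```javascript
// Added example (not the Bearer series' code): a minimal circuit breaker with
// closed -> open -> half-open -> closed transitions and an injected clock so the
// reset timeout can be driven deterministically.
class CircuitOpenError extends Error {
  constructor() { super('circuit open: request short-circuited'); this.name = 'CircuitOpenError'; }
}

class CircuitBreaker {
  constructor(action, { failureThreshold = 3, successThreshold = 2, resetTimeoutMs = 10000, now = () => Date.now() } = {}) {
    this.action = action;                  // async function to protect
    this.failureThreshold = failureThreshold; // consecutive failures that trip the breaker
    this.successThreshold = successThreshold; // consecutive probe successes that close it again
    this.resetTimeoutMs = resetTimeoutMs;  // how long to stay open before probing
    this.now = now;                        // clock, injectable for tests
    this.state = 'CLOSED';
    this.failureCount = 0;
    this.successCount = 0;
    this.nextAttemptAt = 0;
    this.probeInFlight = false;
  }

  async fire(...args) {
    if (this.state === 'OPEN') {
      if (this.now() < this.nextAttemptAt) throw new CircuitOpenError();
      this.state = 'HALF_OPEN';            // timeout elapsed: allow a probe
      this.successCount = 0;
    }
    // In half-open, only one request at a time reaches the upstream; the rest
    // are short-circuited so a recovering dependency is not flooded.
    const isProbe = this.state === 'HALF_OPEN';
    if (isProbe && this.probeInFlight) throw new CircuitOpenError();
    if (isProbe) this.probeInFlight = true;
    try {
      const result = await this.action(...args);
      this.onSuccess();
      return result;
    } catch (err) {
      this.onFailure();
      throw err;                            // caller still sees the real error
    } finally {
      if (isProbe) this.probeInFlight = false;
    }
  }

  onSuccess() {
    if (this.state === 'HALF_OPEN') {
      this.successCount += 1;
      if (this.successCount >= this.successThreshold) this.close();
    } else {
      this.failureCount = 0;               // a success resets the consecutive-failure count
    }
  }

  onFailure() {
    if (this.state === 'HALF_OPEN') { this.open(); return; } // probe failed: back to open
    this.failureCount += 1;
    if (this.failureCount >= this.failureThreshold) this.open();
  }

  open() { this.state = 'OPEN'; this.nextAttemptAt = this.now() + this.resetTimeoutMs; }
  close() { this.state = 'CLOSED'; this.failureCount = 0; this.successCount = 0; }
}

// Constructed flaky upstream standing in for a third-party API.
function makeUpstream() {
  const up = { down: false, calls: 0 };
  up.call = async (id) => {
    up.calls += 1;
    if (up.down) throw new Error('503 Service Unavailable');
    return { id, status: 'ok' };
  };
  return up;
}

// Drives the breaker through a full outage and recovery with a fake clock and
// returns what each caller observed, plus how often the upstream was hit.
async function simulate() {
  let clock = 0;
  const upstream = makeUpstream();
  const breaker = new CircuitBreaker(upstream.call, { failureThreshold: 3, successThreshold: 2, resetTimeoutMs: 10000, now: () => clock });
  const outcomes = [];
  const attempt = async (id) => {
    try { await breaker.fire(id); outcomes.push(`${breaker.state}:ok`); }
    catch (e) { outcomes.push(`${breaker.state}:${e instanceof CircuitOpenError ? 'short' : 'fail'}`); }
  };
  await attempt(1);                                   // healthy
  upstream.down = true;
  for (let id = 2; id <= 4; id += 1) await attempt(id); // third failure trips the breaker
  await attempt(5);                                   // short-circuited, upstream untouched
  clock = 10000;                                      // reset timeout elapsed
  upstream.down = false;
  await attempt(6);                                   // probe succeeds, still half-open
  await attempt(7);                                   // second success closes the circuit
  return { outcomes, upstreamCalls: upstream.calls };
}

module.exports = { CircuitBreaker, CircuitOpenError, makeUpstream, simulate };
```

Run `simulate().then(console.log)` to see the sequence; the notable line is the short-circuited call, which fails fast without adding load to an already struggling dependency. In production you would also wrap `action` in a timeout, since a slow upstream that never errors will otherwise never trip the breaker, and you would treat `CircuitOpenError` as a signal to serve cached or degraded data rather than as an outage.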

Navigating ICS Security: The Value of Frameworks

Since the implementation of the General Data Protection Regulation (GDPR) on 25 May 2018, organizations and even private citizens have globally begun to re-assess what it means to ‘take security seriously’ and to better understand the massive difference between security and privacy.

CIP-003-7: Transient Cyber Assets and Removable Media in 2020

Standard CIP-003 exists as part of a suite of Critical Infrastructure Protection (CIP) Standards related to cybersecurity that require the initial identification and categorization of BES Cyber Systems and require organizational, operational, and procedural controls to mitigate risk to BES Cyber Systems.

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 3 - Base Camp

ML:3 is base camp, and getting here means you have reached a level that others have only dreamed about. At this level, the VM program is very good, and your visibility into threats to the environment is much better than it has ever been.

Tripwire Enterprise and Zero Trust

Zero Trust is a new concept to many but one I believe will be of increasing importance over the coming years. With this post, I wanted to introduce newcomers to the concept, talk about why it’s an exciting approach to improving security, and explore how you can leverage File Integrity Monitoring (FIM) and Security Configuration Management (SCM) tools like Tripwire Enterprise (TE) to assist you on your Zero Trust (ZT) journey.

How to Achieve Compliance with NIS Directive

Network and information systems (NIS) and the essential functions they support play a vital role in society from ensuring the supply of electricity, water, oil and gas to the provisioning of healthcare and the safety of passenger and freight transport. In addition, computerized systems are performing vital safety-related functions designed to protect human lives.

INETCO Insight - Use cases to help you drive more business value from customer transaction data

Real-time transaction data has become a fundamental part of managing self-service channels and guaranteeing every interaction completes the way the customer expects. This is why banks, retailers and payment processors all over the globe are investing in powerful end-to-end data acquisition, real-time alerting and open data streaming capabilities.